Fix extra driver permissions with jailer #393

Open, wants to merge 1 commit into base: main

@jwilder commented Mar 6, 2022

When using the jailer config with a different uid/gid and
more than one attached volume, the additional volumes are still
owned by root causing a permission error when the VM starts.

This chowns the extra volume files to the jailer config uid/gid.

Sample logs:

time="2022-03-05T18:36:48-07:00" level=info msg="Attaching drive rootfs.ext4, slot 1, root true."
time="2022-03-05T18:36:48-07:00" level=info msg="Attached drive rootfs.ext4: [PUT /drives/{drive_id}][204] putGuestDriveByIdNoContent "
time="2022-03-05T18:36:48-07:00" level=info msg="Attaching drive overlay.ext4, slot 2, root false."
2022-03-06T01:36:48.117232076 [9285e3caaef3:fc_api:ERROR:src/api_server/src/parsed_request.rs:174] Received Error. Status code: 400 Bad Request. Message: Unable to create the block device BackingFile(Os { code: 13, kind: PermissionDenied, message: "Permission denied" })
time="2022-03-05T18:36:48-07:00" level=error msg="Attach drive failed: overlay.ext4: [PUT /drives/{drive_id}][400] putGuestDriveByIdBadRequest  &{FaultMessage:Unable to create the block device BackingFile(Os { code: 13, kind: PermissionDenied, message: \"Permission denied\" })}"
time="2022-03-05T18:36:48-07:00" level=error msg="While attaching drive overlay.ext4, got error [PUT /drives/{drive_id}][400] putGuestDriveByIdBadRequest  &{FaultMessage:Unable to create the block device BackingFile(Os { code: 13, kind: PermissionDenied, message: \"Permission denied\" })}"
time="2022-03-05T18:36:48-07:00" level=warning msg="Failed handler \"fcinit.AttachDrives\": [PUT /drives/{drive_id}][400] putGuestDriveByIdBadRequest  &{FaultMessage:Unable to create the block device BackingFile(Os { code: 13, kind: PermissionDenied, message: \"Permission denied\" })}"
start machine: [PUT /drives/{drive_id}][400] putGuestDriveByIdBadRequest  &{FaultMessage:Unable to create the block device BackingFile(Os { code: 13, kind: PermissionDenied, message: "Permission denied" })}

Description of changes:

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@jwilder requested a review from a team as a code owner March 6, 2022 01:45

@austinvazquez (Contributor)

@jwilder, lgtm. For the buildkite failure, just need a dco in your commit message.

@jeffwidman

nudge @jwilder
